1

Even a few days ago everything was fine, but now simply I can't capture and see tcp, http, etc. wifi traffic but only the traffic for the protocols 802.11 and LLC. I used different wifi spots previously as well as now: none of them was changed somehow, there was no password added to them. What was changed is most probably the setting of wireshark but I really can't find out what exactly: I've tryied mix them up but there was no luck.

Also, when I start capturing the traffic in monitoring mode, I get disconnected after about 30 seconds and can't connect again until I turn off and turn on the WiFi card again. Although it seems a standard behaviour (I read about it), a few days ago it didn't occur at all.

What I can see in wireshark is only my local traffic. A checkbox Enable decryption is checked at settings->protocols->ieee 802.11.

What did change, how to get it back? Maybe I did something with my WiFi interface?

P.S. Yes, I saw the tutorial at wireshark website and Capturing wireless traffic (using Wireshark)

Community
  • 1
Incerteza
  • 203

1 Answers1

2

You changed the Link-Layer Header Type in the Capture Options dialog. You set it to one of the 802.11 modes instead of "Ethernet".

On some (most? all?) Wi-Fi interfaces, you'll only see 802.11 types if you've checked the "Monitor Mode" checkbox. To see the "Ethernet" type as an option on the "Link-Layer Header Type" pop-up menu, you may need to un-check the "Monitor Mode" checkbox.

Spiff
  • 110,156